Who can see your data when you visit a non-encrypted HTTP site?

Using a VPN is good practice for every type of connection, but can be particularly useful when browsing unsecured HTTP websites.
ExpressVPN news
2 mins
Use a VPN for safer browsing on HTTP websites.

This post was originally published on February 14, 2017.

Websites that use HTTPS (indicated by the green lock in the browser bar) encrypt all data between your browser and the website’s server. Nobody in between can see the content of the connection, keeping you safe from man-in-the-middle attacks.

Browsing sites that don’t use HTTPS

A site that does not offer basic HTTPS encryption exposes your data to a variety of actors. Using a VPN can help protect you against the worst of these.

Who can see your HTTP data when you are not using a VPN?

  • The Wi-Fi router/operator
  • Your ISP
  • Actors between your ISP and the server’s ISP
  • The server’s ISP

It’s impossible to avoid snoops on international internet switches and deep sea fiber cables. Intelligence agencies of large nation states, as well as any governments the data passes through, can see and harvest unencrypted content.

If you connect with a VPN, eavesdroppers will have a more difficult time identifying you and your whereabouts. However, the information inside the transmitted data (such as email addresses, names, or information about your computer) could still identify you.

Wi-Fi Router/Operators can see almost all that you do online

The operator of a local network is able to see every site you visit and follow each click you make or form you fill out. On top of this, the contents of communications made via HTTP requests are also visible.

Local network operators could also inject malicious code into any site you visit or replace any software you’re downloading with their own.

Often, the malicious injections take innocent forms, such as advertisements, which routers will place into the sites you visit. More intelligent malware variants will replace existing advertisements with their own, depriving the site-owners of advertising income.

Advert replacements are usually not due to malice on the side of the entity providing the internet. More commonly, the router is infected with malware and spreads it to other devices on the network without any knowledge of the system owner.

Additionally, if the Wi-Fi is not configured with a modern encryption standard (preferably WPA2), others around you could also read and intercept your internet data.

Using a VPN for safer HTTP connections

Connecting to a trusted VPN service eliminates all these threats from the Wi-Fi router by establishing an encrypted tunnel between your device and the VPN service. Nobody in between, such as your neighbor or the Wi-Fi operator are able to intercept or read any data.

Any concerns that the router is hacked can also be safely disregarded. The VPN ensures a router can’t interfere with your connection beyond cutting it off.

It’s important to choose a VPN you can trust

It’s true that a VPN service is in a position where it could read and intercept your data. Luckily, finding a well-maintained service with secure VPN servers that do not keep logs is easier than finding public Wi-Fi with a competent system administrator.

Subscribing to a trustworthy VPN will protect you everywhere you connect to the internet. No need to take a long walk to find a connection you can trust. Just connect to your VPN from anywhere.

The devs are the backbone of ExpressVPN and occasionally contribute their otherworldly wisdom to the blog.